PHP Security Question

From: Patrick McDonnell (pmcdonnell_at_muncc.marmionacademy.org)
Date: 09/26/04

    Date: Sun, 26 Sep 2004 13:06:37 -0500
    
    

    Here's my situation: I'm working on a PHP application that adds user
    accounts to my system. However, the PHP script runs on the webserver,
    while the accounts need to be created on a different box, which I'll refer
    to as "master". Right now, on "master" I have a script which can create
    and destroy directories in /home, and set permissions, etc. The script is
    run by a shell_exec(ssh master sudo homeDirManage.sh create $USER). I have
    set up the web server user to be able to ssh to master without a password,
    and use sudo to run homeDirManage.sh without a password. What I'm worried
    about is that any other user able to put up their web page can do the exact
    same thing, and delete home dirs. Is there a more secure way to do this?
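
One way to narrow what the passwordless key described in the post can do, as an added example that is not part of the original post: a forced-command wrapper on "master" that accepts only the `sudo homeDirManage.sh <action> <user>` form with a well-formed username. The wrapper path, the `destroy` action name and the reserved-name list are assumptions.

```sh
#!/bin/sh
# Added example: forced-command wrapper on "master" (hypothetical path
# /usr/local/bin/homedir-gate.sh). Bind it to the web server's key in
# ~/.ssh/authorized_keys so sshd runs it for every login with that key:
#   command="/usr/local/bin/homedir-gate.sh",no-pty,no-port-forwarding <key>
# sshd passes the command the client asked for in SSH_ORIGINAL_COMMAND.
LC_ALL=C; export LC_ALL        # keep [a-z] byte-exact

# Print "<action> <user>" for an acceptable request, otherwise return 1.
check_request() {
    req=$1
    # Accept only the call form the PHP script already sends.
    case $req in
        "sudo homeDirManage.sh "*) req=${req#"sudo homeDirManage.sh "} ;;
        *) return 1 ;;
    esac
    set -f; set -- $req; set +f          # split on whitespace, no globbing
    [ "$#" -eq 2 ] || return 1           # exactly: action, username
    case $1 in
        create|destroy) ;;               # "destroy" is an assumed action name
        *) return 1 ;;
    esac
    case $2 in
        *[!a-z0-9_-]*) return 1 ;;       # no metacharacters, dots or slashes
        root|bin|daemon|nobody) return 1 ;;  # assumed reserved-name list
        [a-z]*) ;;                       # must start with a letter
        *) return 1 ;;
    esac
    [ "${#2}" -le 32 ] || return 1
    printf '%s %s\n' "$1" "$2"
}

# Dispatch only when invoked by sshd as a forced command.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if args=$(check_request "$SSH_ORIGINAL_COMMAND"); then
        exec sudo homeDirManage.sh $args  # two validated words, safe to split
    fi
    logger -t homedir-gate "rejected request from ${SSH_CLIENT:-unknown}"
    exit 1
fi
```

This limits the key to the two validated operations on one script; it does not stop another site running as the same web server user from issuing those operations.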

